|
202131
|
7.5 |
HIGH
Network
|
vareille
|
tinyfiledialogs
|
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.
|
NVD-CWE-noinfo
|
CVE-2020-36767
|
2024-11-21 14:30 |
2023-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202132
|
5.4 |
MEDIUM
Network
|
duxcms_project
|
duxcms
|
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.
|
CWE-79
Cross-site Scripting
|
CVE-2020-36763
|
2024-11-21 14:30 |
2023-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202133
|
9.8 |
CRITICAL
Network
|
ons
|
ras_collection_instrument
|
A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The …
|
-
|
CVE-2020-36762
|
2024-11-21 14:30 |
2023-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202134
|
7.8 |
HIGH
Local
|
hitachi
|
compute_systems_manager
device_manager
replication_manager
tiered_storage_manager
tuning_manager
|
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitach…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-36695
|
2024-11-21 14:30 |
2023-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202135
|
5.3 |
MEDIUM
Network
|
crypto-js_project
|
crypto-js
|
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-36732
|
2024-11-21 14:30 |
2023-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202136
|
6.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurren…
|
CWE-416
Use After Free
|
CVE-2020-36694
|
2024-11-21 14:30 |
2023-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202137
|
5.4 |
MEDIUM
Network
|
sophos
|
web_appliance
|
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that mus…
|
CWE-79
Cross-site Scripting
|
CVE-2020-36692
|
2024-11-21 14:30 |
2023-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202138
|
8.8 |
HIGH
Network
|
e-plugins
|
wp_membership
fitness_trainer
hotel_directory
hospital_\&_doctor_directory
lawyer_directory
institutions_directory
real_estate_pro
final_user
directory_pro
photographer…
|
The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress …
|
NVD-CWE-noinfo
|
CVE-2020-36666
|
2024-11-21 14:30 |
2023-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202139
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-36691
|
2024-11-21 14:30 |
2023-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202140
|
6.1 |
MEDIUM
Network
|
seotool_project
|
seotool
|
A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value …
|
CWE-601
Open Redirect
|
CVE-2020-36665
|
2024-11-21 14:30 |
2023-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
